Fake but free and worth every cent

Robert Lipovsky ESET
Daniel Novomesky ESET
Juraj Malcho ESET

In his 2009 paper 'Is there a lawyer in the lab?', Juraj Malcho discussed the thin boundary between legitimate and malicious applications, and presented the difficulties AV companies have encountered dealing with greyware or potentially unwanted applications (PUAs). The severity (and sensitivity) of the situation has been borne out by numerous legal cases.

Two years later, the state of affairs is an even greater pain in the butt. The swindlers have noticeably improved their scam plots and social engineering, and the challenge for the anti-malware industry is as great as ever. And the technical aspects of adware or other potentially unwanted applications are not what we have in mind. We're talking about the effort that the authors invest in trying to convince people that their software is legitimate. They're trying to persuade not only the potential victim - which is basically what every trojan does - but also those of us who are responsible for malware detection! In effect, deciding whether or not to detect a PUA is often peculiarly difficult for anti-malware researchers.

In this paper we discuss a range of issues from various blatant online scams to applications which are much less useful than they may seem at first glance. The common factor here is selling a pig in a poke to the everyday, trusting computer user. The shift from rogue security software towards various PC tuning applications is just one example of an obvious trend.

Indeed, the surface characteristics of such software differentiate it from typical trojans and other malware. But aren't the goals of the perpetrators in both cases fundamentally the same? And what is the role of an AV today? Just preventing PCs from being infected by viruses, worms and trojans? Don't we also have a responsibility to keep the Internet clean and free of junk? This is about boxing the ears of those software vendors who only care about raking in the profits, but offer no value in return.
